Re: ASCII Captcha

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 29 Aug 2008, at 19:03, tedd wrote:
At 5:06 PM +0100 8/29/08, Stut wrote:
On 29 Aug 2008, at 16:33, tedd wrote:
I didn't mean to imply laziness, but now that you mentioned it -- on one hand we say that CAPTCHA is good enough until something else comes along, but on the other hand, because we are using CAPTCHA, there's no need to develop something else.

I think this is very naive and coming from you tedd it surprises me.

From my perspective, I think it naive to look at this in any other way.

For example, how much time have you invested in finding a better way? I'm not pointing a finger at you and saying "You need to drop everything and come up with a solution before moving on." But I am saying that you are using a CAPTCHA until someone else comes up with a better way. Is that not true?

So, in essence my statement above is not naive but rather factual. Factual is not naive.

Not at all. I spend a fair amount of time thinking about ways to make my work more secure. I would hope that goes for most developers, especially if they realise that a CAPTCHA is not 100% effective. However, this is the way research works. Most people (i.e. the work-a- day folk) spend most of their time making stuff. The few people who are lucky enough to either work for a company that gives them time to do research or actually does it for a living are the ones more likely to hit upon a new solution.

I don't think this makes us lazy, or wrong, for continuing to use the current tool - it makes us practical. If I have a eureka moment at any point rest assured I will put some personal time aside to look into it (as I have in other areas) and if something comes of it I'd publish it on my blog.

So, in essence your statement is assumptive, judgemental and sweeping. That's not factual.

Very few developers have time to put everything on hold because the tools they have are not 100% effective - I certainly don't. I really wish I did, but this is the real world where the almighty pound is king. I'd love to see the faces at the next board meeting when I say "no progress this month because we've been trying to come up with something better than CAPTCHA's".

You are missing the point. I'm not telling you to stop anything.

I am saying -- however -- that we continue (myself included) to use technology that hurts others. That does not justify our actions -- it only provides an excuse.

When you say it hurts others I assume you mean excludes users who, for whatever reason, cannot pass the CAPTCHA test. I completely agree, but as far as I know it's only (and I use that word carefully) people with both visual and audio impairments that you cannot cater for. If you could you'd render all CAPTCHA implementations I'm aware of pointless.

I completely agree that this is less than ideal, and I really don't like preventing legitimate potential users from using my sites, but I'd rather have a usable and clean (yes, most automated posts are dirty in some way) site than one that nobody wants to use. This is a choice we have to make otherwise there's no point creating the site at all.

Holding my hand up now as a lazy developer, the CAPTCHA I have on my sites is not accessible what with it being simply an image with no audio alternative. We have plans to switch it to using recaptcha or implement our own but in terms of priorities it's pretty low for my 2- man team (myself included).

The best defence against dodgy inputs I've seen so far has been having a good community on the site who pro-actively look for and take action against it. Best example I can think of this late in the day is Wikipedia.

As I see it, I could be wrong, but that's just an example of "developers" who are not taking the easy way out, but rather trying to solve the problem by using something other than CAPTCHA, like the ones I posted earlier.

Yes and no. Wikipedia has its share of problems with spammers, but they have such a large community of users who are willing and able to put time into keeping the site clean it works. The same site with a different type of user profile may not be able to work this way.

As far as it being down to the developer I think you're giving credit where little is due. It's the user response to the completely open nature of the original product that prevented them from having to implement CAPTCHA's to prevent automated posting. Had the community of users not been so proactive I don't doubt they would have ended up using them.

Look, we are not in disagreement -- I understand that you have deadlines and projects that can't be put on hold and all the other excuses you cite -- actually, so do I. But in the end, we are doing this at the cost of accessibility for others. We shouldn't lose sight of that.

I think we do disagree on a fundamental level. You think we've all given up because we have CAPTCHA's, I believe in the innovative potential of most developers. We're using CAPTCHA's a lot, and we're doing it because none of us have come up with anything better yet, but that certainly doesn't mean we've given up trying.

If your site is free to use I would modify your statement to say...

"CAPTCHA's show the world that you care about the quality of the content on your site without needing to charge for its use, but remember that we haven't given up trying to find a better way"

Not quite as catchy as yours, but more accurate. If people need to pay to use your site then the need for CAPTCHA's is reduced but I'd argue that in some cases they're still needed.

-Stut

--
http://stut.net/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux